alarsyo/nixos-config
alarsyo/nixos-config
1
1
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity

hosts: remove zephyrus

Browse source
This commit is contained in:
Antoine Martin 2023-12-13 12:05:34 +01:00
parent c2c4035d98
commit 4816c69eb1
7 changed files with 1 additions and 284 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

13
flake.nix
View file

@ -143,19 +143,6 @@
++ sharedModules;
};
zephyrus = nixpkgs.lib.nixosSystem rec {
inherit system;
modules =
[
./zephyrus.nix
inputs.nixos-hardware.nixosModules.common-cpu-intel
inputs.nixos-hardware.nixosModules.common-pc-laptop
inputs.nixos-hardware.nixosModules.common-pc-ssd
]
++ sharedModules;
};
hephaestus = nixpkgs.lib.nixosSystem rec {
inherit system;
modules =

112
hosts/zephyrus/default.nix
View file

@ -1,112 +0,0 @@
# Edit this configuration file to define what should be installed on
# your system. Help is available in the configuration.nix(5) man page
# and in the NixOS manual (accessible by running nixos-help).
{
config,
lib,
pkgs,
...
}: {
imports = [
# Include the results of the hardware scan.
./hardware-configuration.nix
./home.nix
./secrets.nix
];
boot.kernelPackages = pkgs.linuxPackages;
# Use the systemd-boot EFI boot loader.
boot.loader.systemd-boot.enable = true;
boot.loader.efi.canTouchEfiVariables = true;
boot.tmp.useTmpfs = true;
services.btrfs = {
autoScrub = {
enable = true;
fileSystems = ["/"];
};
};
networking.hostName = "zephyrus"; # Define your hostname.
networking.domain = "alarsyo.net";
# Set your time zone.
time.timeZone = "Europe/Paris";
# List services that you want to enable:
my.services = {
tailscale.enable = true;
pipewire.enable = true;
restic-backup = {
enable = true;
repo = "b2:zephyrus-backup";
passwordFile = config.age.secrets."restic-backup/zephyrus-password".path;
environmentFile = config.age.secrets."restic-backup/zephyrus-credentials".path;
timerConfig = {
OnCalendar = "*-*-* 13:00:00"; # laptop only gets used during the day
};
paths = [
"/home/alarsyo"
];
exclude = [
"/home/alarsyo/Downloads"
# Rust builds using half my storage capacity
"/home/alarsyo/**/target"
"/home/alarsyo/work/rust/build"
# don't backup nixpkgs
"/home/alarsyo/work/nixpkgs"
"/home/alarsyo/go"
# C build crap
"*.a"
"*.o"
"*.so"
# test vms
"*.qcow2"
# secrets stay offline
"/home/alarsyo/**/secrets"
# ignore all dotfiles as .config and .cache can become quite big
"/home/alarsyo/.*"
];
};
};
virtualisation.docker.enable = true;
virtualisation.libvirtd.enable = true;
programs.dconf.enable = true;
services = {
tlp = {
settings = {
START_CHARGE_THRESH_BAT0 = 70;
STOP_CHARGE_THRESH_BAT0 = 80;
};
};
fwupd.enable = true;
openssh.enable = true;
};
my.gui.enable = true;
services.udev.packages = [pkgs.chrysalis];
services.udisks2.enable = true;
hardware.bluetooth = {
enable = true;
powerOnBoot = false;
settings.General.Experimental = true;
};
programs.light.enable = true;
}

70
hosts/zephyrus/hardware-configuration.nix
View file

@ -1,70 +0,0 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{
config,
lib,
pkgs,
modulesPath,
...
}: let
inherit
(lib)
mkDefault
;
in {
imports = [
(modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = ["xhci_pci" "nvme" "usb_storage" "sd_mod" "rtsx_pci_sdmmc"];
boot.initrd.kernelModules = [];
boot.kernelModules = ["kvm-intel"];
boot.extraModulePackages = [];
fileSystems."/" = {
device = "/dev/disk/by-uuid/6395cef1-c30b-450a-917c-cfb3c0380642";
fsType = "btrfs";
options = ["subvol=@" "compress=zstd" "noatime"];
};
boot.initrd.luks.devices."cryptroot".device = "/dev/disk/by-uuid/c59e7067-e33c-474c-9b8e-96d0e8f59297";
fileSystems."/home" = {
device = "/dev/disk/by-uuid/6395cef1-c30b-450a-917c-cfb3c0380642";
fsType = "btrfs";
options = ["subvol=@home" "compress=zstd" "noatime"];
neededForBoot = true; # agenix needs my key for some root secrets
};
fileSystems."/nix" = {
device = "/dev/disk/by-uuid/6395cef1-c30b-450a-917c-cfb3c0380642";
fsType = "btrfs";
options = ["subvol=@nix" "compress=zstd" "noatime"];
};
fileSystems."/boot" = {
device = "/dev/disk/by-uuid/D9DA-F46C";
fsType = "vfat";
};
fileSystems."/swap" = {
device = "/dev/disk/by-uuid/6395cef1-c30b-450a-917c-cfb3c0380642";
fsType = "btrfs";
options = ["subvol=@swap" "compress=zstd" "noatime"];
};
swapDevices = [
{
device = "/swap/swapfile";
size = 1024 * 8; # half of RAM size
}
];
powerManagement.cpuFreqGovernor = mkDefault "powersave";
hardware = {
enableRedistributableFirmware = true;
cpu.intel.updateMicrocode = true;
};
}

39
hosts/zephyrus/home.nix
View file

@ -1,39 +0,0 @@
{
config,
pkgs,
...
}: {
home-manager.users.alarsyo = {
my.home.laptop.enable = true;
# Keyboard settings & i3 settings
my.home.x.enable = true;
my.home.x.i3bar.temperature.chip = "coretemp-isa-*";
my.home.x.i3bar.temperature.inputs = ["Core 0" "Core 1" "Core 2" "Core 3"];
my.home.x.i3bar.networking.throughput_interfaces = ["enp0s31f6" "wlp0s20f3" "enp43s0u1u1"];
my.home.emacs.enable = true;
my.theme = config.home-manager.users.alarsyo.my.themes.solarizedLight;
home.packages = builtins.attrValues {
inherit
(pkgs)
# some websites only work there :(
chromium
darktable
# dev
rustup
gdb
valgrind
arandr
zotero
;
inherit (pkgs.packages) spot;
inherit (pkgs.wineWowPackages) stable;
};
};
}

23
hosts/zephyrus/secrets.nix
View file

@ -1,23 +0,0 @@
{
config,
lib,
options,
...
}: {
config.age = {
secrets = let
toSecret = name: {...} @ attrs:
{
file = ./../../modules/secrets + "/${name}.age";
}
// attrs;
in
lib.mapAttrs toSecret {
"restic-backup/zephyrus-credentials" = {};
"restic-backup/zephyrus-password" = {};
"users/alarsyo-hashed-password" = {};
"users/root-hashed-password" = {};
};
};
}

5
modules/secrets/secrets.nix
View file

@ -6,9 +6,8 @@ let
hades = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMxw8CtKUPAiPdKDEnuS7UyRrZN5BkUwsy5UPVF8V+lt root@hades";
hephaestus = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIA7Cp+n5+huof68QlAoJV8bVf5h5p9kEZFAVpltWopdL root@hephaestus";
poseidon = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKYhZYMbWQG9TSQ2qze8GgFo2XrZzgu/GuSOGwenByJo root@poseidon";
zephyrus = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILU4JfIADH9MXUnVe+3ezYK9WXsqy/jJcm1zFkmL4aSU root@zephyrus";
machines = [boreal hades hephaestus poseidon zephyrus];
machines = [boreal hades hephaestus poseidon];
all = users ++ machines;
in {
@ -37,8 +36,6 @@ in {
"restic-backup/hephaestus-credentials.age".publicKeys = [alarsyo hephaestus];
"restic-backup/poseidon-password.age".publicKeys = [alarsyo poseidon];
"restic-backup/poseidon-credentials.age".publicKeys = [alarsyo poseidon];
"restic-backup/zephyrus-password.age".publicKeys = [alarsyo zephyrus];
"restic-backup/zephyrus-credentials.age".publicKeys = [alarsyo zephyrus];
"users/root-hashed-password.age".publicKeys = machines;
"users/alarsyo-hashed-password.age".publicKeys = machines ++ [alarsyo];

23
zephyrus.nix
View file

@ -1,23 +0,0 @@
{...}: {
imports = [
# Default configuration
./base
# Module definitions
./modules
# Service definitions
./services
# Host-specific config
./hosts/zephyrus
];
# This value determines the NixOS release from which the default
# settings for stateful data, like file locations and database versions
# on your system were taken. Its perfectly fine and recommended to leave
# this value at the release version of the first install of this system.
# Before changing this value read the documentation for this option
# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
system.stateVersion = "21.05"; # Did you read the comment?
}